A cynic might say there are two kinds of internet businesses, those that have been hacked, and those that are going to be hacked. An even more cynical view is that there are those whose managers know they’ve been hacked and those that have been hacked but whose managers are blissfully ignorant of the breach. Thus, the question becomes under what circumstances it would be most prudent for management to engage an enterprise consultant to help them with damage control, so that whatever harm has been done does not become so severe as to threaten the survival of the business.
Therefore, it is always timely to consider what steps to take to get the internet security issue under sufficient control that you can conduct your business with reasonable peace of mind:
- Planning. Of course, an enterprise must not wait until an actual hacking event takes place. Arrangements need to be made beforehand, including for the provision of expert help in coping with the event.
- Documentation. The plans for preventing and responding to a hacking event need to be documented, and employees need to be trained as to how to respond.
- Regulatory issues. Part of the planning process is the determination of who should be informed, both within and without the company. For example, in some regulated industries, protocols have been established for the notification of the regulator and for notices to be sent to customers whose accounts may or have been affected. Satisfaction of these requirements will be important in controlling the damage and limiting the resulting exposure to liability and reputational risk.
- Redundancy. Presumably, before the hacking event, arrangements have been made for redundant facilities to be available in the event of such an occurrence. Then, once the event has taken place, it is time to activate those procedures, including contacting employees and consultants who would be responsible for activating the response procedures.
- Insurance. If insurance is in place against hacking, timely notification will have to be made to insurance company, and a timely claim must be made.
- Preserve evidence. It can be crucial to make sure that links to the hacking activity can be traced, so the active memory of the computer must remain available to forensic experts for their study.
- Inventory. Part of the forensic process will be to determine and to document exactly what data has been stolen or compromised. This information will also feed back into the issues of who must be notified of the breach.